package com.vcredit.creditcat.service;

import java.util.Collection;
import java.util.Iterator;
import org.springframework.security.access.AccessDeniedException;   
import org.springframework.security.access.ConfigAttribute;   
import org.springframework.security.access.SecurityConfig;   
import org.springframework.security.authentication.InsufficientAuthenticationException;   
import org.springframework.security.core.Authentication;   
import org.springframework.security.core.GrantedAuthority;   
import org.springframework.stereotype.Service; 
/**
 * 权限认证管理
 *
 */
@Service("accessDecisionManagerService")
public class AccessDecisionManagerService implements org.springframework.security.access.AccessDecisionManager{
	/**
	 * 判断是否有权限列表
	 */
	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException,
			InsufficientAuthenticationException {
		
        if (configAttributes == null) {   
            return;   
        }    
        Iterator<ConfigAttribute> ite = configAttributes.iterator();   
        while (ite.hasNext()) {   
            ConfigAttribute ca = ite.next();    
            String needRole = ((SecurityConfig) ca).getAttribute();   
            for (GrantedAuthority ga : authentication.getAuthorities()) {   
                if (needRole.equals(ga.getAuthority())) {  
                    return;   
                }   
            }   
        }   
        throw new AccessDeniedException("没有权限");   

	}

	public boolean supports(Class<?> arg0) {
		
		return true;
	}

	public boolean supports(ConfigAttribute arg0) {
		
		return true;
	}

}
